Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search

Stubsymbol.png This article is a stub. You can help by editing it.

PlatformMicrosoft Windows
Alias(es)Trojan.Zeroaccess (Symantec)

Trojan:Win32/Sirefef (MSE) Win32/ZeroAccess (AVG)

This box: view  talk  edit

ZeroAccess, also known as max++ and Sirefef is a rootkit that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system using rootkit techniques.


This variant of ZeroAccess infects Services.EXE, a critical operating system file. This variant is also a browser-redirector, redirecting to sites such as Stopzilla and other adware links. It will drop the following items to "C:\Windows\Installer\{d3886955-9395-1032-8b62-ad0753710459}"

  • L folder
  • U folder
  • @.sys
  • N.sys

It will also drop copies of the file into AppData.